Hackers Steal $400,000 in Cryptocurrency by Hacking BlackWallet DNS Server

Over the past weekend, unknown attackers compromised the DNS server of BlackWallet (domain BlackWallet.co), a service used for managing the Stellar Lumen (XLM) cryptocurrency. The issue was noticed not only by the service operators but also by well-known cybersecurity expert Kevin Beaumont.

While the BlackWallet team worked to regain control of their domain and warned users through all available channels (including Reddit, Twitter, GitHub, Stellar Community, and others), Beaumont investigated the situation. According to him, the attackers withdrew amounts greater than 20 XLM from users’ wallets and transferred them to the address GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI. In total, the criminals managed to steal 669,920 XLM, which at the current exchange rate amounts to over $400,000.

According to BlackWallet representatives, the incident occurred because a third party gained access to the service’s hosting provider account. The details of the breach have not yet been disclosed, and an investigation is ongoing.

Stolen Funds Being Laundered

The unknown perpetrators wasted no time and have already started moving the stolen funds to the Bittrex exchange, apparently converting them into other cryptocurrencies to cover their tracks. The BlackWallet developers are doing everything they can to get the attention of Bittrex representatives and are requesting that the attackers’ account be blocked, but so far, their appeals seem to have had no effect.

Advice for Users

Currently, users are advised to consider moving their funds to other wallets using the Stellar account viewer.